July 2018 - Devel - libvirt List Archives

[libvirt] [PATCH v3 0/2] Change virFileIsCDROM to check cdrom status
by Han Han 19 Jul '18

19 Jul '18

v2: https://www.redhat.com/archives/libvir-list/2018-July/msg00655.html v1: https://www.redhat.com/archives/libvir-list/2018-July/msg00103.html Rename virFileIsCDROM to virFileCheckCDROM and add new argument filled with cdrom status. Now it could be used to get cdrom status. In libvirt, it gives general Input/Output error when reading a not ready cdrom backend vol. This error should be replaced with warning just like the warning of lacking backing file. Han Han (2): util: Refactor virFileIsCDROM to virFileCheckCDROM storage: Improve error handling on cdrom backend src/libvirt_private.syms | 2 +- src/qemu/qemu_domain.c | 4 ++-- src/storage/storage_util.c | 8 ++++++++ src/util/virfile.c | 41 ++++++++++++++++++++++++++++++++------ src/util/virfile.h | 13 +++++++++++- 5 files changed, 58 insertions(+), 10 deletions(-) -- 2.17.1

2 4

[libvirt] [PATCH] locking: don't create qemu-sanlock.conf file when QEMU isn't enabled
by Daniel P. Berrangé 19 Jul '18

19 Jul '18

The test targets result in the qemu-sanlock.conf file being created when sanlock is enabled, even if QEMU is not enabled. As a result it never gets cleaned up when distclean is run, breaking distcheck. Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- src/locking/Makefile.inc.am | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) Pushed as a build fix for when jansson isn't available (which turns off QEMU) diff --git a/src/locking/Makefile.inc.am b/src/locking/Makefile.inc.am index 649c769e00..f2eb2efb7b 100644 --- a/src/locking/Makefile.inc.am +++ b/src/locking/Makefile.inc.am @@ -156,10 +156,10 @@ sanlock_la_LDFLAGS = $(AM_LDFLAGS_MOD_NOUNDEF) sanlock_la_LIBADD = -lsanlock_client libvirt.la ../gnulib/lib/libgnu.la augeas_DATA += locking/libvirt_sanlock.aug -augeastest_DATA += test_libvirt_sanlock.aug -CLEANFILES += test_libvirt_sanlock.aug if WITH_QEMU +augeastest_DATA += test_libvirt_sanlock.aug +CLEANFILES += test_libvirt_sanlock.aug nodist_conf_DATA += locking/qemu-sanlock.conf BUILT_SOURCES += locking/qemu-sanlock.conf DISTCLEANFILES += locking/qemu-sanlock.conf @@ -213,6 +213,7 @@ if WITH_SANLOCK endif WITH_SANLOCK if WITH_SANLOCK +if WITH_QEMU test_libvirt_sanlock.aug: locking/test_libvirt_sanlock.aug.in \ locking/qemu-sanlock.conf $(AUG_GENTEST) $(AM_V_GEN)$(AUG_GENTEST) locking/qemu-sanlock.conf $< $@ @@ -221,6 +222,9 @@ check-augeas-sanlock: test_libvirt_sanlock.aug $(AM_V_GEN)if test -x '$(AUGPARSE)'; then \ '$(AUGPARSE)' -I $(srcdir)/locking test_libvirt_sanlock.aug; \ fi +else ! WITH_QEMU +check-augeas-sanlock: +endif ! WITH_QEMU else ! WITH_SANLOCK check-augeas-sanlock: endif ! WITH_SANLOCK -- 2.17.1

1 0

[libvirt] [PATCH v2 0/3] Introduce new video model type 'none'
by Erik Skultety 19 Jul '18

19 Jul '18

v1 here https://www.redhat.com/archives/libvir-list/2018-June/msg01793.html Since v1: - there were only small fixes needed as per the review - decided not to split the patch as requested by the reviewer because the first patch would contain 90% of the changes, both in qemu driver and domain_conf to make the test suite happy (PCI address auto-assignment issues) and a single hunk in qemu_command.c in the second patch to actually enable the feature - this just wasn't worth doing, better keep it together in this case - added some tiny reword patch 1 - added a news update Erik Skultety (3): docs: Rephrase the mediated devices hostdev section a bit conf: Introduce new video type 'none' docs: news: Provide an update about the video type 'none' docs/formatdomain.html.in | 23 ++++++--- docs/news.xml | 14 ++++++ docs/schemas/domaincommon.rng | 1 + src/conf/domain_conf.c | 55 ++++++++++++++++------ src/conf/domain_conf.h | 1 + src/qemu/qemu_command.c | 14 ++++-- src/qemu/qemu_domain.c | 3 ++ src/qemu/qemu_domain_address.c | 10 ++++ tests/domaincapsschemadata/full.xml | 1 + .../video-invalid-multiple-devices.xml | 33 +++++++++++++ tests/qemuxml2argvdata/video-none-device.args | 27 +++++++++++ tests/qemuxml2argvdata/video-none-device.xml | 39 +++++++++++++++ tests/qemuxml2argvtest.c | 4 +- tests/qemuxml2xmloutdata/video-none-device.xml | 42 +++++++++++++++++ tests/qemuxml2xmltest.c | 1 + 15 files changed, 243 insertions(+), 25 deletions(-) create mode 100644 tests/qemuxml2argvdata/video-invalid-multiple-devices.xml create mode 100644 tests/qemuxml2argvdata/video-none-device.args create mode 100644 tests/qemuxml2argvdata/video-none-device.xml create mode 100644 tests/qemuxml2xmloutdata/video-none-device.xml -- 2.14.4

2 9

[libvirt] [PATCH v4 00/10] Enable vfio-pci 'property' for mediated device
by Erik Skultety 19 Jul '18

19 Jul '18

RFC here: https://www.redhat.com/archives/libvir-list/2018-May/msg02218.html Since v1 [1]: - remodeled egl-headless to be a standalone graphics element instead of a result of some automagic with graphic's <gl> element - pushed the first 5 simple fixes that were RB'd - fixed some nits raised during review Since v2 [2] - converted the 'display' and 'egl-headless' PostParse callbacks in patches 2 and 6 to Validate callbacks as they should have been since the beginning (see the RFC) - some minor nits - added a standalone patch substituting some 'error' labels with 'cleanup' as requested during review Since v3 [3]: - all of the patches got a RB, but there were some comments that made me send another version - the only major change was to move the default 'display' choice from qemu_command.c back to a PostParse callback, so now we format display='off' by default to every domain that utilized an mdev [1] https://www.redhat.com/archives/libvir-list/2018-June/msg01740.html [2] https://www.redhat.com/archives/libvir-list/2018-July/msg00485.html [3] https://www.redhat.com/archives/libvir-list/2018-July/msg00698.html Erik Skultety (9): qemu: qemuBuildHostdevCommandLine: Use a helper variable mdevsrc qemu: caps: Introduce a capability for egl-headless qemu: Introduce a new graphics display type 'headless' qemu: caps: Add vfio-pci.display capability conf: Introduce virDomainGraphicsDefHasOpenGL helper conf: Replace 'error' with 'cleanup' in virDomainHostdevDefParseXMLSubsys conf: Introduce new <hostdev> attribute 'display' qemu: command: Enable formatting vfio-pci.display option onto cmdline docs: Update news about the VNC console enablement for mdevs Katerina Koukiou (1): docs: formatdomain: unify naming for CPUs/vCPUs docs/formatdomain.html.in | 137 ++++++++++++------ docs/news.xml | 10 ++ docs/schemas/domaincommon.rng | 8 ++ src/conf/domain_conf.c | 106 +++++++++++--- src/conf/domain_conf.h | 5 + src/libvirt_private.syms | 1 + src/libxl/libxl_conf.c | 1 + src/qemu/qemu_capabilities.c | 10 ++ src/qemu/qemu_capabilities.h | 4 + src/qemu/qemu_command.c | 23 ++- src/qemu/qemu_domain.c | 154 ++++++++++++++++++++- src/qemu/qemu_driver.c | 2 + src/qemu/qemu_hotplug.c | 1 + src/qemu/qemu_process.c | 4 + src/vmx/vmx.c | 1 + tests/domaincapsschemadata/full.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.aarch64.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.ppc64.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.10.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.s390x.xml | 1 + tests/qemucapabilitiesdata/caps_2.11.0.x86_64.xml | 1 + tests/qemucapabilitiesdata/caps_2.12.0.aarch64.xml | 2 + tests/qemucapabilitiesdata/caps_2.12.0.ppc64.xml | 2 + tests/qemucapabilitiesdata/caps_2.12.0.s390x.xml | 2 + tests/qemucapabilitiesdata/caps_2.12.0.x86_64.xml | 2 + tests/qemucapabilitiesdata/caps_3.0.0.ppc64.xml | 2 + tests/qemucapabilitiesdata/caps_3.0.0.x86_64.xml | 2 + tests/qemuxml2argvdata/graphics-egl-headless.args | 26 ++++ tests/qemuxml2argvdata/graphics-egl-headless.xml | 31 +++++ .../qemuxml2argvdata/graphics-sdl-egl-headless.xml | 35 +++++ .../graphics-spice-egl-headless.args | 31 +++++ .../graphics-spice-egl-headless.xml | 36 +++++ .../graphics-spice-invalid-egl-headless.xml | 37 +++++ .../graphics-vnc-egl-headless.args | 28 ++++ .../qemuxml2argvdata/graphics-vnc-egl-headless.xml | 37 +++++ .../hostdev-mdev-display-missing-graphics.xml | 35 +++++ ...v-display-spice-egl-headless.x86_64-latest.args | 37 +++++ .../hostdev-mdev-display-spice-egl-headless.xml | 40 ++++++ ...ev-mdev-display-spice-opengl.x86_64-latest.args | 36 +++++ .../hostdev-mdev-display-spice-opengl.xml | 41 ++++++ ...dev-display-vnc-egl-headless.x86_64-latest.args | 37 +++++ .../hostdev-mdev-display-vnc-egl-headless.xml | 40 ++++++ .../hostdev-mdev-display-vnc.x86_64-latest.args | 36 +++++ .../qemuxml2argvdata/hostdev-mdev-display-vnc.xml | 39 ++++++ tests/qemuxml2argvdata/hostdev-mdev-display.xml | 39 ++++++ tests/qemuxml2argvtest.c | 24 ++++ .../graphics-spice-egl-headless.xml | 44 ++++++ .../graphics-vnc-egl-headless.xml | 42 ++++++ tests/qemuxml2xmloutdata/hostdev-mdev-display.xml | 47 +++++++ tests/qemuxml2xmltest.c | 3 + 51 files changed, 1214 insertions(+), 73 deletions(-) create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless.args create mode 100644 tests/qemuxml2argvdata/graphics-egl-headless.xml create mode 100644 tests/qemuxml2argvdata/graphics-sdl-egl-headless.xml create mode 100644 tests/qemuxml2argvdata/graphics-spice-egl-headless.args create mode 100644 tests/qemuxml2argvdata/graphics-spice-egl-headless.xml create mode 100644 tests/qemuxml2argvdata/graphics-spice-invalid-egl-headless.xml create mode 100644 tests/qemuxml2argvdata/graphics-vnc-egl-headless.args create mode 100644 tests/qemuxml2argvdata/graphics-vnc-egl-headless.xml create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-missing-graphics.xml create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-egl-headless.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-egl-headless.xml create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-opengl.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-spice-opengl.xml create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc-egl-headless.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc-egl-headless.xml create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc.x86_64-latest.args create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display-vnc.xml create mode 100644 tests/qemuxml2argvdata/hostdev-mdev-display.xml create mode 100644 tests/qemuxml2xmloutdata/graphics-spice-egl-headless.xml create mode 100644 tests/qemuxml2xmloutdata/graphics-vnc-egl-headless.xml create mode 100644 tests/qemuxml2xmloutdata/hostdev-mdev-display.xml -- 2.14.4

3 19

[libvirt] [PATCH] Add DOMAIN_MEMORY_STAT_DISK_CACHES constant
by Daniel P. Berrangé 18 Jul '18

18 Jul '18

Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- domain.go | 1 + domain_compat.h | 6 ++++++ 2 files changed, 7 insertions(+) Pushed as a build fix diff --git a/domain.go b/domain.go index cc0285b..6a9e2a1 100644 --- a/domain.go +++ b/domain.go @@ -377,6 +377,7 @@ const ( DOMAIN_MEMORY_STAT_RSS = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_RSS) DOMAIN_MEMORY_STAT_USABLE = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_USABLE) DOMAIN_MEMORY_STAT_LAST_UPDATE = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_LAST_UPDATE) + DOMAIN_MEMORY_STAT_DISK_CACHES = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_DISK_CACHES) DOMAIN_MEMORY_STAT_NR = DomainMemoryStatTags(C.VIR_DOMAIN_MEMORY_STAT_NR) ) diff --git a/domain_compat.h b/domain_compat.h index 345505c..f23670c 100644 --- a/domain_compat.h +++ b/domain_compat.h @@ -1046,4 +1046,10 @@ int virDomainGetLaunchSecurityInfoCompat(virDomainPtr domain, #define VIR_DOMAIN_LAUNCH_SECURITY_SEV_MEASUREMENT "sev-measurement" #endif +/* 4.6.0 */ + +#ifndef VIR_DOMAIN_MEMORY_STAT_DISK_CACHES +#define VIR_DOMAIN_MEMORY_STAT_DISK_CACHES 10 +#endif + #endif /* LIBVIRT_GO_DOMAIN_COMPAT_H__ */ -- 2.17.1

1 1

[libvirt] [perl PATCH] Add VIR_DOMAIN_MEMORY_STAT_DISK_CACHES constant
by Daniel P. Berrangé 18 Jul '18

18 Jul '18

Signed-off-by: Daniel P. Berrangé <berrange(a)redhat.com> --- Changes | 2 +- lib/Sys/Virt.xs | 5 +++++ lib/Sys/Virt/Domain.pm | 4 ++++ 3 files changed, 10 insertions(+), 1 deletion(-) Pushed as a build fix diff --git a/Changes b/Changes index 74bbb22..4c77425 100644 --- a/Changes +++ b/Changes @@ -2,7 +2,7 @@ Revision history for perl module Sys::Virt 4.6.0 2018-00-00 - - XXX + - Add VIR_DOMAIN_MEMORY_STAT_DISK_CACHES 4.5.0 2018-07-03 diff --git a/lib/Sys/Virt.xs b/lib/Sys/Virt.xs index 40134d3..14967d7 100644 --- a/lib/Sys/Virt.xs +++ b/lib/Sys/Virt.xs @@ -5850,6 +5850,10 @@ memory_stats(dom, flags=0) case VIR_DOMAIN_MEMORY_STAT_USABLE: (void)hv_store (RETVAL, "usable", 6, virt_newSVll(stats[i].val), 0); break; + + case VIR_DOMAIN_MEMORY_STAT_DISK_CACHES: + (void)hv_store (RETVAL, "disk_caches", 11, virt_newSVll(stats[i].val), 0); + break; } } Safefree(stats); @@ -9040,6 +9044,7 @@ BOOT: REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_RSS, MEMORY_STAT_RSS); REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_LAST_UPDATE, MEMORY_STAT_LAST_UPDATE); REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_USABLE, MEMORY_STAT_USABLE); + REGISTER_CONSTANT(VIR_DOMAIN_MEMORY_STAT_DISK_CACHES, MEMORY_STAT_DISK_CACHES); REGISTER_CONSTANT_STR(VIR_DOMAIN_BLOCK_IOTUNE_TOTAL_BYTES_SEC, BLOCK_IOTUNE_TOTAL_BYTES_SEC); diff --git a/lib/Sys/Virt/Domain.pm b/lib/Sys/Virt/Domain.pm index 284c38c..8eee18c 100644 --- a/lib/Sys/Virt/Domain.pm +++ b/lib/Sys/Virt/Domain.pm @@ -3903,6 +3903,10 @@ Amount of usable memory Time of last stats refresh from guest +=item Sys::Virt::Domain::MEMORY_STAT_DISK_CACHES + +Disk cache size + =back =head2 DOMAIN LIST CONSTANTS -- 2.17.1

1 0

[libvirt] [PATCH] test: Implement virConnectListAllInterfaces
by Cole Robinson 18 Jul '18

18 Jul '18

This adds some generic virinterfaceobj code, roughly matching what is used by other stateful drivers like network, storage, etc. Signed-off-by: Cole Robinson <crobinso(a)redhat.com> --- src/conf/virinterfaceobj.c | 105 +++++++++++++++++++++++++++++++++++++ src/conf/virinterfaceobj.h | 7 +++ src/libvirt_private.syms | 1 + src/test/test_driver.c | 15 ++++++ 4 files changed, 128 insertions(+) diff --git a/src/conf/virinterfaceobj.c b/src/conf/virinterfaceobj.c index a1d7346eb2..87ce188117 100644 --- a/src/conf/virinterfaceobj.c +++ b/src/conf/virinterfaceobj.c @@ -241,6 +241,111 @@ virInterfaceObjListFindByName(virInterfaceObjListPtr interfaces, return obj; } +#define MATCH(FLAG) (flags & (FLAG)) +static bool +virInterfaceMatch(virInterfaceObjPtr obj, + unsigned int flags) +{ + /* filter by active state */ + if (MATCH(VIR_CONNECT_LIST_INTERFACES_FILTERS_ACTIVE) && + !((MATCH(VIR_CONNECT_LIST_INTERFACES_ACTIVE) && + virInterfaceObjIsActive(obj)) || + (MATCH(VIR_CONNECT_LIST_INTERFACES_INACTIVE) && + !virInterfaceObjIsActive(obj)))) + return false; + + return true; +} +#undef MATCH + + +struct virInterfaceObjListData { + virConnectPtr conn; + virInterfacePtr *ifaces; + virInterfaceObjListFilter filter; + unsigned int flags; + int nifaces; + bool error; +}; + +static int +virInterfaceObjListPopulate(void *payload, + const void *name ATTRIBUTE_UNUSED, + void *opaque) +{ + struct virInterfaceObjListData *data = opaque; + virInterfaceObjPtr obj = payload; + virInterfacePtr iface = NULL; + + if (data->error) + return 0; + + virObjectLock(obj); + + if (data->filter && + !data->filter(data->conn, obj->def)) + goto cleanup; + + if (!virInterfaceMatch(obj, data->flags)) + goto cleanup; + + if (!data->ifaces) { + data->nifaces++; + goto cleanup; + } + + if (!(iface = virGetInterface(data->conn, obj->def->name, obj->def->mac))) { + data->error = true; + goto cleanup; + } + + data->ifaces[data->nifaces++] = iface; + + cleanup: + virObjectUnlock(obj); + return 0; +} + + +int +virInterfaceObjListExport(virConnectPtr conn, + virInterfaceObjListPtr ifaceobjs, + virInterfacePtr **ifaces, + virInterfaceObjListFilter filter, + unsigned int flags) +{ + int ret = -1; + struct virInterfaceObjListData data = { + .conn = conn, .ifaces = NULL, .filter = filter, .flags = flags, + .nifaces = 0, .error = false }; + + virObjectRWLockRead(ifaceobjs); + if (ifaces && VIR_ALLOC_N(data.ifaces, + virHashSize(ifaceobjs->objsName) + 1) < 0) + goto cleanup; + + virHashForEach(ifaceobjs->objsName, virInterfaceObjListPopulate, &data); + + if (data.error) + goto cleanup; + + if (data.ifaces) { + /* trim the array to the final size */ + ignore_value(VIR_REALLOC_N(data.ifaces, data.nifaces + 1)); + *ifaces = data.ifaces; + data.ifaces = NULL; + } + + ret = data.nifaces; + cleanup: + virObjectRWUnlock(ifaceobjs); + while (data.ifaces && data.nifaces) + virObjectUnref(data.ifaces[--data.nifaces]); + + VIR_FREE(data.ifaces); + return ret; +} + void virInterfaceObjListDispose(void *obj) diff --git a/src/conf/virinterfaceobj.h b/src/conf/virinterfaceobj.h index 799d38038f..33d2dda05d 100644 --- a/src/conf/virinterfaceobj.h +++ b/src/conf/virinterfaceobj.h @@ -82,4 +82,11 @@ virInterfaceObjListGetNames(virInterfaceObjListPtr interfaces, char **const names, int maxnames); +int +virInterfaceObjListExport(virConnectPtr conn, + virInterfaceObjListPtr ifaceobjs, + virInterfacePtr **ifaces, + virInterfaceObjListFilter filter, + unsigned int flags); + #endif /* __VIRINTERFACEOBJ_H__ */ diff --git a/src/libvirt_private.syms b/src/libvirt_private.syms index e688981c3e..ec5ed0cc81 100644 --- a/src/libvirt_private.syms +++ b/src/libvirt_private.syms @@ -961,6 +961,7 @@ virInterfaceObjGetDef; virInterfaceObjIsActive; virInterfaceObjListAssignDef; virInterfaceObjListClone; +virInterfaceObjListExport; virInterfaceObjListFindByMACString; virInterfaceObjListFindByName; virInterfaceObjListGetNames; diff --git a/src/test/test_driver.c b/src/test/test_driver.c index 5494d51017..951d9c4151 100644 --- a/src/test/test_driver.c +++ b/src/test/test_driver.c @@ -3828,6 +3828,20 @@ testConnectListDefinedInterfaces(virConnectPtr conn, } +static int +testConnectListAllInterfaces(virConnectPtr conn, + virInterfacePtr **ifaces, + unsigned int flags) +{ + testDriverPtr privconn = conn->privateData; + + virCheckFlags(VIR_CONNECT_LIST_INTERFACES_FILTERS_ACTIVE, -1); + + return virInterfaceObjListExport(conn, privconn->ifaces, ifaces, + NULL, flags); +} + + static virInterfacePtr testInterfaceLookupByName(virConnectPtr conn, const char *name) @@ -6944,6 +6958,7 @@ static virInterfaceDriver testInterfaceDriver = { .connectListInterfaces = testConnectListInterfaces, /* 0.7.0 */ .connectNumOfDefinedInterfaces = testConnectNumOfDefinedInterfaces, /* 0.7.0 */ .connectListDefinedInterfaces = testConnectListDefinedInterfaces, /* 0.7.0 */ + .connectListAllInterfaces = testConnectListAllInterfaces, /* 4.6.0 */ .interfaceLookupByName = testInterfaceLookupByName, /* 0.7.0 */ .interfaceLookupByMACString = testInterfaceLookupByMACString, /* 0.7.0 */ .interfaceGetXMLDesc = testInterfaceGetXMLDesc, /* 0.7.0 */ -- 2.17.1

2 1

[libvirt] [PATCHv2] examples: Add clean-traffic-gateway into nwfilters
by Ales Musil 18 Jul '18

18 Jul '18

The filter purpose is to simulate isolated private VLAN. The behavior can be achieved by limiting network traffic to traffic between VM and gateway. Because there is no concept of the PVLAN in the linux bridge. The filter also contains parts from clean-traffic to prevent VM from spoofing its IP and MAC address. To use this filter the user just needs to set the GATEWAY_MAC variable to gateway MAC address. Signed-off-by: Ales Musil <amusil(a)redhat.com> --- examples/xml/nwfilter/clean-traffic-gateway.xml | 34 +++++++++++++++++++++++++ 1 file changed, 34 insertions(+) create mode 100644 examples/xml/nwfilter/clean-traffic-gateway.xml diff --git a/examples/xml/nwfilter/clean-traffic-gateway.xml b/examples/xml/nwfilter/clean-traffic-gateway.xml new file mode 100644 index 0000000..b8c2040 --- /dev/null +++ b/examples/xml/nwfilter/clean-traffic-gateway.xml @@ -0,0 +1,34 @@ +<filter name='clean-traffic-gateway'> +  + <filterref filter='no-mac-spoofing'/> + +  + <filterref filter='no-ip-spoofing'/> + +  + <filterref filter='no-arp-spoofing'/> + +  + <rule action='accept' direction='inout' priority='-500'> + <mac protocolid='arp'/> + </rule> + +  + <rule action='accept' direction='in'> + <mac match='yes' srcmacaddr='$GATEWAY_MAC'/> + </rule> + +  + <rule action='accept' direction='out'> + <mac match='yes' dstmacaddr='$GATEWAY_MAC'/> + </rule> + +  + <filterref filter='no-other-l2-traffic'/> + +  + <filterref filter='qemu-announce-self'/> +</filter> -- 1.8.3.1

2 1

[libvirt] [PATCH 0/3] support VLan for virtual network based on 8021q kernel module
by Shi Lei 18 Jul '18

18 Jul '18

Support VLan for virtual network based on 8021q kernel module other than ovs backend. Insert vlan-device into the datapath of the network traffic: (outside of host) <--> physical_interface <--> vlan-dev(with VLAN-Tag) <--> bridge <--> guests Then VLAN-Tag will be applied to the guest's network traffic. The VLan network acts as real layer-2 switch which provides 'access' port to guest. 1. Create VLan network by setting mode='vlan' on the forward element, for example: ... <network> <name>vlan10</name> <forward mode="vlan" dev="eth0"/> <vlan> <tag id="10"/> </vlan> </network> ... The mode attribute of <forward> should be 'vlan' (this patch added). The dev attribute of <forward> specifies a physical interface which forwards traffice between this VLan-network and outside. The id attribue of the vlan tag indicates VLAN-Tag. Both vlan element and tag element should be unique in this xml. A guest connects to this VLan network by setting its xml like this: <interface type='network'> <source network='vlan10'/> </interface> 2. We can enable dhcp for VLan network according to the current way, for example: ... <network> ... <ip address="192.168.126.2" netmask="255.255.255.0"> <dhcp> <range start="192.168.126.120" end="192.168.126.129"/> </dhcp> </ip> </network> ... 3. This can help to build Cross-Host VLan network for guests. We can simplify the work to implement vlan-net of management app (e.g. OpenStack). 1) Distribute the xml of VLan network to all hosts, then 'virsh net-create ...' on each host locally. 2) Makesure the outside switch's port linked to the physical interface (specified by the dev of <forward>) is 'trunk' mode. 3) For each VLan network, ONLY one host can 'net-create' network with ip and dhcp element to avoid dhcp conflict. Shi Lei (3): add functions: load(verify) 8021q module, create/destroy vlan-dev support new forward mode of vlan for virtual network fix other functions to add VIR_NETWORK_FORWARD_VLAN configure.ac | 5 +- src/conf/domain_conf.c | 1 + src/conf/network_conf.c | 12 ++- src/conf/network_conf.h | 1 + src/conf/virnetworkobj.c | 1 + src/libvirt_private.syms | 4 + src/network/bridge_driver.c | 80 ++++++++++++++++-- src/qemu/qemu_process.c | 1 + src/util/virnetdev.c | 195 ++++++++++++++++++++++++++++++++++++++++++++ src/util/virnetdev.h | 14 ++++ 10 files changed, 301 insertions(+), 13 deletions(-) -- 2.7.4

2 10

[libvirt] [PATCH 0/4] qemu: vnc: switch to tls-creds-x509
by Ján Tomko 18 Jul '18

18 Jul '18

Ján Tomko (4): tests: qemu: Remove disk from graphics-vnc-tls FIXDOWN: copy graphics-vnc-tls args to versioned paths tests: qemu: test more versions for graphics-vnc-tls qemu: vnc: switch to tls-creds-x509 src/qemu/qemu_command.c | 26 +++++++++++++---- tests/qemuxml2argvdata/graphics-vnc-tls.args | 2 -- .../graphics-vnc-tls.x86_64-2.4.0.args | 28 ++++++++++++++++++ .../graphics-vnc-tls.x86_64-latest.args | 33 ++++++++++++++++++++++ tests/qemuxml2argvdata/graphics-vnc-tls.xml | 6 ---- tests/qemuxml2argvtest.c | 2 ++ tests/qemuxml2xmloutdata/graphics-vnc-tls.xml | 6 ---- 7 files changed, 83 insertions(+), 20 deletions(-) create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-2.4.0.args create mode 100644 tests/qemuxml2argvdata/graphics-vnc-tls.x86_64-latest.args -- 2.16.1

3 10